Incident response and security operations
The framework I'm most known for — Incident Response 2.0 — replaces reactive firefighting with a measured operating loop. It rests on four pillars and gives teams something concrete to run during an incident, not just after one. The work is making incident response something a team can prove, not just perform.
→IR 2.0 · Sense → Decide → Act → Learn